Attackers are using fake Telegram groups and Twitter accounts to target crypto users with sophisticated scam tactics

Web3 anti-scam platform Scam Sniffer has identified a new strategy by crypto scammers to target users on Telegram. In a post on X, the platform observed that these bad actors now use fake Telegram groups and the impersonation of crypto personalities.

According to Scam Sniffer, crypto bad actors rely heavily on the Telegram Safeguard Bot scam to access users’ devices and steal funds. They create fake X (formerly Twitter) accounts that impersonate crypto influencers.

They use these impersonated accounts to comment on legitimate posts, asking users to join their Telegram groups, where they share alpha and insights. However, users who join these groups are immediately prompted to verify a fake OfficialSafeguardBot.

Any user who verifies will unwittingly inject malicious PowerShell code into their clipboard. Upon executing the command, it downloads and operates malware that can compromise devices and crypto wallets. SlowMist founder Yu Xian, popularly known as Cos, noted that the malware is a Trojan horse. He said:

“When you run this Powershell command, a more complex Powershell malicious code will be downloaded covertly, and eventually the Remcos remote control Trojan will be implanted in your computer, thus compromising your computer.”

Cos further explained that there is another Telegram Safeguard scam where hackers trick users into releasing their account information. The scam tries to hack users’ Telegram accounts by asking for their mobile phone numbers or requesting that they scan a QR code and provide their login code and the two-step verification password, allowing it to control the account fully.

Fake crypto accounts are growing on X again

Meanwhile, the prevalence of the Telegram scams has also led to a rise in the number of fake crypto accounts on Twitter over the last few days. ScamSniffer reported that its monitoring systems discovered an average of 300+ fake accounts daily over the past week.

This represents a significant surge from the average of 160+ throughout November and highlights the return of the fake accounts problem to X (formerly Twitter). Although the issue appeared to have been resolved earlier this year, the resurgence in crypto prices has also led to increased crypto impersonations, suggesting a correlation between the two.

X impersonations rose significantly between November 29 and early December, when Bitcoin rallied and broke the $100,000 mark. However, they now appear to declined, just as Bitcoin and other major caps also recorded price corrections.

These fake accounts have already made millions of unwitting victims who clicked on the malicious links. Scam Sniffer reported that two victims recently lost over $3 million to these malicious links. Several other victims also lost funds after clicking on phishing comments from fake accounts under the Pudgy Penguins tweets.

Interestingly, scammers are not just creating fake accounts; they are also compromising popular accounts to push crypto scams.

Scam Sniffer recommended several protection tips, including avoiding unknown links and software, verifying official channels, and being cautious of any time-pressured verification. As the anti-scam watchdog noted, crypto scams continue to evolve beyond simple phishing, and it is important to stay vigilant.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan